mirror of
https://github.com/github/codeql.git
synced 2026-01-05 02:30:19 +01:00
36 lines
1.0 KiB
Plaintext
36 lines
1.0 KiB
Plaintext
/**
|
|
* @name Weak encryption
|
|
* @description Finds uses of encryption algorithms that are weak and obsolete
|
|
* @kind problem
|
|
* @problem.severity warning
|
|
* @security-severity 7.5
|
|
* @precision high
|
|
* @id cs/weak-encryption
|
|
* @tags security
|
|
* external/cwe/cwe-327
|
|
*/
|
|
|
|
import csharp
|
|
|
|
predicate incorrectUseOfDES(ObjectCreation e, string msg) {
|
|
e.getType()
|
|
.(Class)
|
|
.hasFullyQualifiedName("System.Security.Cryptography", "DESCryptoServiceProvider") and
|
|
msg =
|
|
"DES encryption uses keys of 56 bits only. Switch to AesCryptoServiceProvider or RijndaelManaged instead."
|
|
}
|
|
|
|
predicate incorrectUseOfTripleDES(ObjectCreation e, string msg) {
|
|
e.getType()
|
|
.(Class)
|
|
.hasFullyQualifiedName("System.Security.Cryptography", "TripleDESCryptoServiceProvider") and
|
|
msg =
|
|
"TripleDES encryption provides at most 112 bits of security. Switch to AesCryptoServiceProvider or RijndaelManaged instead."
|
|
}
|
|
|
|
from Expr e, string msg
|
|
where
|
|
incorrectUseOfDES(e, msg) or
|
|
incorrectUseOfTripleDES(e, msg)
|
|
select e, msg
|